Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

restmap.conf - Nothing but example values work?

Drainy
Champion
‎12-23-2011 07:35 AM 
[admin:myendpoint]
match=/mycustom
members=customendpoint

[admin_external:customendpoint]
handlertype = python
handlerfile = setup.py
handleractions = list, edit

The above is some example detail for the restmap.conf for an App provided here;
http://docs.splunk.com/Documentation/Splunk/latest/Developer/SetupExampleCustom

I have spent the most mind numbing hour or two trying to get this to function with any values other than the ones above and it will not have it. If I leave them as they are then it functions perfectly.
The documentation for this isn't great and wondered if anyone had any suggestions or tips?

Following one point in the documentation I changed myendpoint to anything unqiue, I then changed mycustom to mystartof and customendpoint to startofendpoint as it seemed to suggest that the match should be the start of the members value. This also didn't work.

Am I missing something?

Tags (1)
Reply

sideview
SplunkTrust
SplunkTrust
‎03-23-2015 05:01 PM

I think I know something that might be causing your headaches. It's something I ran into years ago too with restmap.conf endpoints, and that was unbelievably frustrating and peculiar until I figured it out.

The python class names must be globally unique across all apps and endpoints. If there are two endpoints that have the same python classname, only one of them will be loaded and the other one will be inexplicably doa. Also if during extended troubleshooting sessions and headbanging exercises, you save versions like "myHandler_backup.py", or "myHandler_take3.py", don't. Splunk will try and load those too, I think even if there's no restmap.conf entry associated with it, and when the classnames match another file's classnames, you guessed it, only one will work.

0 Karma
Reply

the_wolverine
Champion
‎01-09-2013 11:07 AM

Here's another bit of example. I've been slowing piecing together how it all works. Documented examples could be better for sure.
http://splunk-base.splunk.com/answers/24200/good-example-of-a-working-custom-rest-endpoint-but-not-a... (still waiting on someone to actually answer the question.)

Reply

Drainy
Champion
‎12-29-2011 05:09 AM

shameless self bump!

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...